One problem that becomes obvious when trying to apply this approach at scale is that every transitive dependency down the chain has to be approved too, not just the packages the project declares. NPM projects in particular quickly become unreasonable to maintain. As an example, one of my fairly basic Homebridge plugins has a total of 15 direct dependencies between dependencies and devDependencies; after deduplication the dependency tree contains more than 800 packages. That is not maintainable through Nexus content selectors.
A different approach, which does not prevent unapproved packages from being downloaded but flags them during analysis, is to integrate the check into the code quality analysis performed by SonarQube. SonarQube has no built-in rules for this, so a custom plugin was required.
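To make the scale of the problem concrete, and to show the shape of the check an analysis step (rather than a download block) would perform, here is an added example that is not code from the original post or from any Homebridge, Nexus or SonarQube project. It reads an npm package-lock.json (lockfile version 2 or 3), deduplicates the installed packages by name and version, and reports which of them are not on an approved list. The lock file and the approved list are constructed for the example and the package names are fictional; the allow-list format (`name` for any version, `name@version` for a pinned one) is an assumption of this example.

```javascript
// Added example: deduplicated transitive dependency inventory from a
// package-lock.json, compared against an allow-list of approved packages.
// SAMPLE_LOCK is a constructed lockfile (version 3 layout) with fictional
// package names; it is not taken from any real project.
const SAMPLE_LOCK = {
  name: "example-homebridge-plugin",
  lockfileVersion: 3,
  packages: {
    // "" is the root project: its declared (direct) dependencies.
    "": {
      dependencies: { "example-http": "^1.6.0" },
      devDependencies: { "example-build-tool": "^5.3.0" }
    },
    "node_modules/example-http": { version: "1.6.2", dependencies: { "example-redirects": "^1.15.0", "example-form-data": "^4.0.0" } },
    "node_modules/example-redirects": { version: "1.15.3" },
    "node_modules/example-form-data": { version: "4.0.0", dependencies: { "example-mime": "^2.1.12" } },
    "node_modules/example-mime": { version: "2.1.35", dependencies: { "example-mime-db": "1.52.0" } },
    "node_modules/example-mime-db": { version: "1.52.0" },
    "node_modules/example-build-tool": { version: "5.3.3", dev: true },
    // Nested install of a *different* version: a distinct package to approve.
    "node_modules/example-form-data/node_modules/example-mime-db": { version: "1.51.0" },
    // Nested install of the *same* version: collapses under deduplication.
    "node_modules/example-http/node_modules/example-mime-db": { version: "1.52.0" }
  }
};

// Every installed package, deduplicated by name@version.
function installedPackages(lock) {
  if (!lock.packages) {
    // lockfileVersion 1 nests "dependencies" recursively; not handled here.
    throw new Error("only lockfileVersion 2/3 (with a 'packages' map) is supported");
  }
  const seen = new Map();
  for (const [path, meta] of Object.entries(lock.packages)) {
    if (path === "") continue; // root project, not a dependency
    // The package name is everything after the last "node_modules/" segment,
    // which also handles nested installs and scoped (@scope/name) packages.
    const marker = "node_modules/";
    const name = path.slice(path.lastIndexOf(marker) + marker.length);
    const key = `${name}@${meta.version}`;
    if (!seen.has(key)) seen.set(key, { name, version: meta.version, dev: Boolean(meta.dev) });
  }
  return [...seen.values()];
}

// Number of dependencies the project itself declares (dependencies + devDependencies).
function directDependencyCount(lock) {
  const root = lock.packages[""] || {};
  return Object.keys(root.dependencies || {}).length + Object.keys(root.devDependencies || {}).length;
}

// Compare the deduplicated inventory with an allow-list. An entry "name"
// approves any version of that package; "name@version" approves one version.
function checkAgainstAllowList(lock, allowList) {
  const allowed = new Set(allowList);
  const installed = installedPackages(lock);
  const unapproved = installed.filter(p => !allowed.has(p.name) && !allowed.has(`${p.name}@${p.version}`));
  return { direct: directDependencyCount(lock), total: installed.length, unapproved };
}

// Approving only the two declared packages leaves every transitive one unapproved.
const APPROVED_DIRECT_ONLY = ["example-http", "example-build-tool"];
const report = checkAgainstAllowList(SAMPLE_LOCK, APPROVED_DIRECT_ONLY);
console.log(`direct: ${report.direct}, installed after dedup: ${report.total}, unapproved: ${report.unapproved.length}`);
for (const p of report.unapproved) {
  console.log(`  not approved: ${p.name}@${p.version}${p.dev ? " (dev)" : ""}`);
}
```

Run against a real lock file by replacing SAMPLE_LOCK with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`. The gap between `direct` and `total` is exactly what makes per-package approval in a repository manager unmanageable; a report like this one can instead be surfaced as a finding, which is the trade-off the analysis-based approach accepts.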